MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 9936263d7a358e5113b0ba284d8c321c2bfd9510cf4213c7ad5b5fd6b54db9ed. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry


GuLoader


Vendor detections: 4


Intelligence 4 IOCs YARA File information Comments
Download sample Add tag Delete this sample Report a False Positive

SHA256 hash: 9936263d7a358e5113b0ba284d8c321c2bfd9510cf4213c7ad5b5fd6b54db9ed
SHA3-384 hash: cc30b4e6d20d1e4c07201177ec2e4c2052ba4b74884149b89a7e2da2f0327065b5911b30ea3c80843f4d6451c198f059
SHA1 hash: bc35bcbe1e47ac4c5f4823870da38e15c34cb4fc
MD5 hash: 6ca3a041791f61c72c358c8104125f18
humanhash: ceiling-thirteen-artist-stairway
File name:Tamandua.exe
Download: download sample
Signature GuLoader
Create hunting rule
File size:86'016 bytes
First seen:2020-05-12 11:19:12 UTC
Last seen:2020-05-12 11:47:15 UTC
File type:Executable exe
MIME type:application/x-dosexec
imphash d9a3d71e6262bde67b06cb9260dd387e (1 x GuLoader)
ssdeep 768:cnHjj8vSZuAkctMFJDrILi8TzuBbLEPMKFvrql7S:MfMSZ0ZrDYTzMbgPD62
Threatray 5'120 similar samples on MalwareBazaar
TLSH 9F834B56F594F233D6648BB15BB192A4061DFC302A438913B1D9771E6A3FE81E53232F
Reporter jarumlus
Tags:GuLoader

Intelligence

File Origin
# of uploads :
3
# of downloads :
86
Origin country :
n/a
Vendor Threat Intelligence
Detection(s):
SecuriteInfo.com.Variant.Ursu.163565.23450.31784.UNOFFICIAL
Create hunting rule

Gathering data
Threat name:
Win32.Trojan.Wacatac
Create hunting rule
Status:
Malicious
First seen:
2020-05-12 11:36:10 UTC
File Type:
PE (Exe)
Extracted files:
6
AV detection:
24 of 31 (77.42%)
Threat level:
  2/5
Detection(s):
Suspicious file
Link:
https://check.spamhaus.org/check/?searchterm=te3cmpl2gwhfce5qxiue3dbsdqv73fiqz5bbhr5nlnp5nnknxhwq._file
Verdict:
malicious
Label(s):
guloader
Create hunting rule
Similar samples:
0ee92e10272c64a4416e2851c4fd4f8dfe600ce238445e3c4b8288f5aaea9ef4
GuLoader
109c73a382ad3562b4fa1c6cb8627104627490e93425ade372451f6f4426007b
GuLoader
16e85e5268ed68c1741fd6293948d18a7ac9a2854e0938a015f8a894469f88b6
GuLoader
62e14fd32e9017316aebcd340ef6c5c69176f457194d332e2aec17cab7de0787
GuLoader
a26f2c3365de0a5e3a9868ba0de16f81807076b54abc15625fdda5d730dd809c
GuLoader
ba3486ddcb815a5bfae81495f4f48576968b3d6de9f42e0d4358824d7ee583bd
GuLoader
c4b5846ab10b6ac87f6f176bcb8a3f76a720628fd8b1aa9d7c1f603192f67bd0
GuLoader
d252bafdd21ef871df2eeed20ae4cbf3b6e2f6df268d93ea563b01aaec889baa
GuLoader
e45490584a68e394f6714a78c96988adc241fd3acd783337bd66f26117535454
GuLoader
ed1cf9eefa4217ae91026ef61399f2c7a56110944d7be5c0b9459704453ea639
GuLoader
+ 5'110 additional samples on MalwareBazaar
Result
Malware family:
n/a
Score:
  7/10
Tags:
n/a
Link:
https://tria.ge/reports/201109-sf5jmqgsq2/
Behaviour
Suspicious use of SetWindowsHookEx
Suspicious use of NtSetInformationThreadHideFromDebugger
Checks QEMU agent state file
Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Malspam

GuLoader

zip d4ee482f000a6285714f6a2abf793c7769979331b135a226796cc2d82e652946

GuLoader

Executable exe 9936263d7a358e5113b0ba284d8c321c2bfd9510cf4213c7ad5b5fd6b54db9ed

(this sample)

  
Dropped by
MD5 073051e1e8c88979d7d19e134771844a
  
Dropped by
SHA256 d4ee482f000a6285714f6a2abf793c7769979331b135a226796cc2d82e652946
  
Delivery method
Distributed via e-mail attachment

Comments